Another Security Breach this Time Connected to Metadata

January 10, 2014

When Netflix first launched I read an article about how everyone’s individual movie tastes are different. There are not any two alike and Netflix created an algorithm that managed to track each user’s queue down to the individual. It was scary and amazing at the same time. Netflix eventually decided to can the algorithm (or at least they told us), but it still leaves a thought that small traces of metadata can lead to you. The Threat Post, a Web site that tracks Internet security threats, reported on how “Stanford Researchers Find Connecting Metadata With User Names Is Simple.”

A claim has been made that user phone data anonymously generated cannot be tracked back to an individual. Stanford Researchers proved otherwise. The team started the Metaphone program that collects data from volunteers with Android phones. The project’s main point was to collect calls, text messages, and social network information for the Stanford Security Lab to connect metadata and surveillance. They selected 5,000 random numbers and were able to match 27% of the them using Web sites people user everyday.

The article states:

“ ‘What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, and then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73,’ said Jonathan Mayer and Patrick Mutchler in a blog post explaining the results.”

The article also points out that if money was not a problem, then the results would be even more accurate. The Stanford Researchers users a cheap data aggregator instead and accurately matched 91 out of 100 numbers. Data is not as protected or as anonymous as we thought. People are willing to share their whole lives on social media, but when security is mentioned they go bonkers over an issue like this? It is still a scary thought, but where is the line drawn over willing shared information and privacy?

Search the site

Stephen E. Arnold monitors search, content processing, text mining
and related topics from his high-tech nerve center in rural Kentucky.
He tries to winnow the goose feathers from the giblets. He works with colleagues
worldwide to make this Web log useful to those who want to go
"beyond search". Contact him at sa [at] arnoldit.com. His Web site
with additional information about search is arnoldit.com.